General

  • Target

    Eulen crack.exe

  • Size

    1MB

  • Sample

    230120-24h8tsbh9x

  • MD5

    faaf569803539174ef02b5b53e0388e2

  • SHA1

    ed13d220b1b822ad8032e69983a4197e5d72473f

  • SHA256

    683ea882def71b5bdc826c866e57825076d032c06b74702d500d62e756c3235f

  • SHA512

    a60aecffe4813415feaac01d4494cb71f6f2ff297661da426eca95bbeff26e1c40080ef4a7637086393a2f1a66cc18a263e0313834fe88d81827c48c0cfaa251

  • SSDEEP

    24576:AEiMngrdePNzQ0ZIxNXaV9x4IUgs36BUI2So5+jnzFoCaGApu8F:3gReFs0ZM0T+Sk6BU7HIFo7G98F

Malware Config

Targets

    • Target

      Eulen crack.exe

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Install Root Certificate (T1130): 1

    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 1

  • Collection

    Data from Local System (T1005): 1

  • Command and Control

    Web Service (T1102): 1

Tasks